Crucial Microsoft Fixes

Microsoft's latest batch of patches (all available via Automatic Updates) corrects three critical flaws, along with other less dangerous holes. The most important vulnerability affects users of Windows XP SP2 and 2000 SP4 who've installed versions 1.0, 1.1, or 2.0 of the popular .Net Framework, used by many programs--including some excellent free downloads. Viewing a poisoned site with IE could trigger an attack. And an Excel vulnerability could expose your PC to a takeover if you open a tainted spreadsheet in Excel 2000. The flaw is rated only "important" for newer Excel versions. The other critical flaw is mostly for IT administrators, as it hits Windows 2000 Server and Server 2003's implementation of Active Directory.

Flawed Flash

Adobe's Flash Player can trigger an attack if you open a specially crafted .swf movie file in versions matching or prior to 9.0.45.0, 8.0.34.0, or 7.0.69.0 on any supported OS. Use the auto-update feature to get the fix.

QuickTime Pitfalls

Apple scotched a bevy of nasty bugs in its QuickTime player that would let attackers run any command on your system after you viewed a rigged site or opened a hacked movie file. Versions prior to 7.2 for Windows XP SP2, Windows Vista, and Mac OS X are at risk. Apple's security bulletin has details, plus links to the corrected version, sent via Apple's automatic updates.